CVE-2025-40901

Vulnerability

The Credentials Manager in Nozomi Networks Guardian and CMC (versions prior to 26.1.0) is vulnerable to Stored HTML Injection due to improper validation of an input parameter. An authenticated user with administrative privileges can define an identity containing arbitrary HTML tags. The injected HTML is stored and later rendered when another user attempts to delete that identity [1].

Exploitation

An attacker must have administrative access to the Credentials Manager. The attacker creates a malicious identity with embedded HTML, such as a phishing form or a redirect link. When a victim (another administrator) deletes the identity, the injected HTML executes in their browser. The advisory notes that full XSS is prevented by existing validation and Content Security Policy, but the injection can still be used for phishing and open redirect attacks [1].

Impact

Successful exploitation enables the attacker to conduct phishing attacks or open redirects, potentially leading to credential theft or redirecting users to malicious sites. However, direct information disclosure or arbitrary code execution is not achievable due to the existing security measures [1].

Mitigation

Upgrade to version 26.1.0 or later of Guardian/CMC, which fixes the input validation issue [1]. As a workaround, limit access to the web management interface using internal firewall features, review all administrative accounts and remove unnecessary ones, and review existing identities stored in the Credentials Manager [1].